Ask MetaFilter questions tagged with SSH

How to automate backups on my ftp server?

stupidsexyFlanders — Sat, 05 Dec 2009 12:29:34 -0800

I have some wordpress sites hosted at bluehost that I want to keep backed up. Can you help me automate this? Detailed needs inside. What I've been doing is going to the bluehost control panel every few weeks and manually downloading, first, all the files on the ftp server. Then I'm separately downloading all the dbs. Then I'm throwing them all in a folder on my local machine and have Carbonite back them up remotely. I keep five backup sets, and delete the oldest when I add a new one.

I would like to automate this 100% if possible -- maybe have some kind of script that every week zips up the backups into a one big file on the ftp server, which I can then use SynchBack Pro to mirror to my local HD on a regular basis?

The solution would have to compress all the dbs and a defined portion of the ftp file structure into one file named 120509.* (itself inside a folder called /backups). The following week, same exact thing, except the files are compressed into 121209.*, etc. Each week it should look in /backups for a file named with a date older than 5 weeks and delete it.

Then I would use Synchback every week to pull down the contents of /backups on the ftp server to my local drive, which I will tell Carbonite to pull up remotely.

What do I do to automate the compressing and saving and sequential naming and date-based deleting on the ftp server?

I've never used cron or SSH and only done super basic stuff using phpmysql. I've read through these two askmes and while they did include code snippets that seemed like what I needed, I don't know what to do with them or how to modify them to do what I specifically need. So speak very slowly. Thanks!

SSH, transparency, tabs, windows, and !putty.

SpecialK — Fri, 02 Oct 2009 18:26:38 -0800

Windows SSH Client for linux sysadmins that's not PuTTY? Transparency and Tabs needed! I'm obviously missing something. I mean, I've got xterm and all of it's clones on x11 and I've got iTerm on Linux, and both support fast rendering, background transparency to desktop (alpha), and there are nice features in some like custom keyboard shortcuts for different servers and scripting command to run across a group of servers.

Unfortunately, putty seems to be the only free option on Windows that's any good. And it doesn't have tabs without a wrapper add-on, and the add-on doesn't support transparency. KiTTY has background alpha, but no tabs, and background alpha doesn't work with the wrapper. Epic fail.

I'm willing to pay. What are the best ssh clients for Windows Vista or 7 with tabs and background transparency? "Use Mac/Linux" is as much of a deal killer as "no transparency", I'm afraid. There just isn't any other option at work.

How do I remotely access a mysql database with ssh on windows?

Fluffy654 — Tue, 07 Jul 2009 08:06:30 -0800

How do I remotely access a mysql database with ssh on windows? Please assume that I have virtually no idea about the above process. Although I can use various web languages, including mysql, I have so far only used them on my own machine. Now I wish to try and connect to a database hosted remotely.

I have checked around and found plenty of advice for linux but how do I accomplish this in Windows? What exactly do I type in and where exactly do I type it in to?

The more steps you give me, the better! Thanks! Also the database has already been set up to allow this connection.

SSH through the AS12880 / DCI Iranian government-run firewall?

thewalrus — Mon, 22 Jun 2009 20:54:42 -0800

Iranian firewallfilter: How to make SSH traffic not resemble SSH traffic, when examined by a deep packet inspection device (Ellacoya, Narus, etc)? Other advice on specific types of VPN from within Iran also welcome. I've been following the news about Iranian Internet censorship for a few years now, but obviously started paying more attention in the last couple of weeks. There's two interesting papers examining AS12880 (DCI)'s Internet transit from Arbor Networks:

Iranian Traffic Engineering

Deeper Look at the Iranian Firewall

Misc:

Robtex page examining AS12880's uplinks to the world

Rense page, strange changes in Iranian Internet transit

What I'm wondering specifically is methods which can be taken to make SSH traffic look -less- like SSH traffic. Assume that a person inside Iran has root on a European-colocated FreeBSD or Linux system (or root on a VPS/Virtual Machine) running the latest OpenSSH. The sshd would of course be listening for incoming connections on a nonstandard port, it could be any port, or multiple different ports. If I remember right OpenSSH now defaults to SSH2/AES but can also use Blowfish. Are there any methods that can be used to disguise the initial SSH handshake and packet headers? Any special tricks from the client software end, assuming that the client (OSX or Linux) can run any ssh client that will compile on it?

Is VPN traffic (Cisco, or Juniper-Netscreen SSL-VPN) less likely to trigger flags or get blocked than SSH?

Does anyone have firsthand or secondhand experience of Windows Remote Desktop / RDP 5.1 being blocked from within Iran?

ssh, I'm not listening ...

scruss — Sat, 23 May 2009 15:32:58 -0800

How do I really - no, really - put my home server in my Linksys WRT350N router's DMZ? The router says it is, but it clearly isn't. I'm having great difficulty getting a server to pass through an SSH connection to the internet. This used to work fine with an older Netgear router, but the Linksys WRT350N is not so happy. Everything in the router and modem's configuration would appear to show that pass-through to the DMZ should happen, but it's clearly not. I can't ssh or ping the server from a remote location.

I've tried putting the Speedtouch 546 modem into bridge mode, but all that happens is I lose the ability to resolve IP addresses.

I have the MAC address of the Sheevaplug server set as being the DMZ in the WRT350N. The 546 is set to put the router as a public IP. I have a static IP.

I know I could connect the server to one of the ports on the Speedtouch, but I really need to be able to see it inside my network.

SSH on Kindle2

hal incandenza — Sat, 23 May 2009 12:26:04 -0800

Has anybody managed to get an ssh client working on a Kindle 2? Others seem to have gotten it working using javascript and the basic web browser, but I've had no luck so far.

Global Proxy in Ubuntu with SOCKS and ssh

SpiffyRob — Mon, 11 May 2009 13:53:42 -0800

Global SOCKS5 Proxy in Ubuntu? (Or, MacOS/Widnows:Proxifier :: Linux:???) I’m a recent Ubuntu adoptee, and have enjoyed solving the issues that come up in the switching as much as the OS itself, but this one seems to have me stymied. Basically, I’m looking for a way to set things up such that every single network connection goes through an SSL tunnel.

A basic bit of background: In either Mac OS or Windows, I’ve accomplished this exact thing by doing the following:

1. I have a remote server configured to be used as a SOCKS5 proxy.
2. I use the following command to direct all traffic sent to localhost:1080(127.0.0.1) on to my remote server:
ssh –ND 1080 user@server.com –p 80

Where –N is used to show no confirmation after I enter the password, -D directs all traffic to 1080, and –p makes the ssh connection over port 80. (One of the few ports unblocked by my home ISP.)

3. Once that is connected, I use proxifier to direct all network traffic to localhost:1080.

This works perfectly for both setups. The thing I like best about it is that it directs *all* network traffic through Proxifier, and I can exempt things as needed. This is much, much simpler than configuring individual applications, and is invaluable for applications that don’t support SOCKS5 out of the box.

SO! The question: Does an alternative to proxifier exist for Linux? Some googling reveals that this same question has been asked, but in the rare instance that it’s been answered, the answerer didn’t seem to grok what proxifier did. The one thing that I’ve found, GSTM seems like it should do the trick, but I’ve yet to have any success.

Please note: While I will certainly entertain alternate methods to what I’m doing, they would need to follow two criteria:
1. I can do it without touching my remote server’s configuration. (Don’t want to mess up the already-working solutions I have for Windows/Mac.)
2. It must allow for stuff that doesn’t support SOCKS5 natively to run through a proxy.

Thanks in advance!

Why is my Mac saying "Segmentation fault" when all I want to do is SSH?

razorfrog — Thu, 26 Feb 2009 19:03:46 -0800

Running 10.5.6, my mac refuses to SSH to anything and gives the error "Segmentation fault" in Terminal. My Google-Fu has been very unsuccessful so far. Sadly, I have no idea what could have caused it, as I can't tie it to a specific installation of anything. All I do know is that it's very annoying, and my only solution is to restart my computer, and then SSH works for a little while.

I've tried re-installing the 10.5.6 update, as a few searches showed a similar problem happening a few years ago due to an OS update. That didn't do anything.

I'd really love to not re-install Leopard. Any ideas?

Encryption 101

devilshgrin — Mon, 02 Feb 2009 10:29:06 -0800

Can you point me an easy explanation of encryption technologies? I am working at a job where I am coming more and more in contact with acronyms like SSH, SFTP, SCP, PGP, etc....

Can someone point me to a good and hopefully simple resource for learning more about these terms?

DIY Secure VPN/SSH connection?

BoldStepDesign — Sat, 03 Jan 2009 21:29:28 -0800

I've been unsuccessful in getting an old pc up and running with Ubuntu or some other *nix OS. I am wondering. Is it possible to use VPN or ssh from my computer to my Dreamhost account to create a secure tunnel to their servers into to the internet? I'm using 0.00 gb on my account for bandwidth. Sound doable? Basically:

Me @ coffeeshop -- secure tunnel -- > Dreamhost -- > Out to the net.

-=--
If not can I do this running a VPS? (Virtual Private server), if so suggest some cheap hosts please.
-+--

Help me keep the riffraff out of the (SSH) tunnel

COBRA! — Mon, 24 Nov 2008 13:54:48 -0800

Please help an idiot lock down SSH access to a Leopard machine. In simple terms, how would I go about restricting SSH access to a Mac running Leopard so that it will only accept connections from a known location (specifically, a co-worker's house, where she logs in using Timbuktu)? I'm a database guy working outside of my sphere of knowledge here, so simple is good.

User account dissapeared from login screen in win XP where'd it go george?

TomMelee — Mon, 17 Nov 2008 18:19:02 -0800

Started using SSH and remote desktop, all is well. Now the local user can't login to the primary account! Help!? Long story short, had 1 account for an XP system. I added a user when I was fiddling around with SSH, but I never used it. Now when the system that I am logging INTO is restarted/turned off or whatever, the primary account is NOT an option to log into the system with.

I can still log in via SSH and force the login with the actual account name and password, and of course that leaves it logged in for her, but she can't do it by clicking the name anymore because it's not on the list.

I know you can switch to default override with ctrl+alt+del at the login screen, but this is my generally non-savvy girlfriend we're talking about.

So, how do I make the user name reappear at the login screen? And, just as importantly, how the HELL do I delete the user account that I have no intention of using?

I'm sure it's a simple setting I'm not seeing, but being 1000 miles away does make it more difficult.

Thanks.

For the record, SSH'ing into the system and using remote desktop is working tres bien.

Murphy strikes! SSH proxying is broken just as firewall goes up

your mildly obsessive average geek — Sun, 19 Oct 2008 20:25:01 -0800

In a classic demonstration of Murphy's Law, the SSH service on my VPS server is not proxying requests on the same day that a network firewall was installed. Please help! Here are the details (sorry if the rest of the question sounds a bit frantic...)

1. I have a client PC running Windows XP SP2 from which I access sites running non-default ports (Cpanel, Webmin etc.) via a SSH proxy.

2. The SSH proxy is running on a separate server. I use the Tunnelier software to provide proxy services. I log into the SSH service using a unprivileged account (account has no sudo access etc.)

3. The VPS Server running the SSH daemon is on CentOS 5, OpenSSH_4.3p2

4. The server does not have any firewall running (although CSF is installed):

# ps aux | grep csf
root 24232 0.0 0.1 1752 488 pts/0 S+ 20:03 0:00 grep csf
# ps aux | grep iptables
root 24278 0.0 0.1 1752 488 pts/0 S+ 20:03 0:00 grep iptables

5. The contents of my sshd_config file can be seen here

I can log into the SSH service successfully, however whenever I try to go to any website on the client, the SSH proxy log shows:

10:08:31.031 Closing SOCKS5 connection from 128.236.48.58:1753, sent: 0, received: 0.

10:08:31.031 SOCKS5 connection from 128.236.48.58:1753 failed: Client connection closed before completion of protocol.

10:08:34.034 Closing SOCKS5 connection from 128.236.48.58:1754, sent: 0, received: 0.

10:08:34.034 SOCKS5 connection from 128.236.48.58:1754 failed: Client connection closed before completion of protocol.

The log is filled with these sort of failed connections.

Further details:

1. The SSH proxy server isn't running any firewall, neither is the client.
2. The network does not block port 22 at the firewall for the SSH proxy server.
3. I have a second much slower SSH connection on the same server, and proxying through this second account works. So that tells me it's not a problem on my network end, it's the SSH server.
4. I have tried to log on to the SSH service using a high privilege account (sudo su access enabled) and then proxying, but that doesn't work either.

Any ideas, suggestions?

ssh sessions when port 22 is locked down?

namespan — Sat, 18 Oct 2008 16:05:35 -0800

I sometimes visit a network where port 22 is locked down. I'd like to be able to initiate ssh sessions from this site. Is there any tunneling or other magic I can invoke to reach this goal, or any other solution short of badgering the admins? (I'm also not sure now to find out what other ports are open. I know 21,80, and 443 are, because I can do normal web and ftp stuff, but other than manually trying each port with telnet, I'm not sure how to check...)

Big Red Button to Enable SSH Tunneling?

Alterscape — Mon, 08 Sep 2008 14:35:35 -0800

I'm on a mac. I want to set a single configuration option somewhere to enable/disable using SSH tunneling for a bunch of different protocols/applications. Is this possible? How? I have a mac laptop (OS X 10.5.4). I run a SSH server/DDNS client on my home router so that I can connect from the road and tunnel traffic through. Right now I run a shell script to open the tunnels and then manually reconfigure my apps to use the local endpoints. This is pretty easy for apps like IRC clients where I have the option of saying "okay, just connect to localhost:6667" when I launch the app. It's more of a pain for browsers and IM clients, where the setting is buried under several layers of Preferences. All the same, I'd like to expand my use of tunnels to protect my HTTP, IM traffic, etc.

What I'd like to do is find/write a script that opens the tunnels and updates a bunch of preferences at once, so my HTTP, DNS, IM traffic, etc are all tunneled with one action. Does anyone know of an app that does this? Is this even possible? (I imagine I'd have to restart most apps unless I can use Applescript to update the config while they're running)..

Bonus points for a solution that includes the option to "switch off" certain protocols if, say, I'm at a location with a big fat pipe and want to download something not-security-critical at full speed without running it through the tunnel (and my slower home connection).

For the record, the apps I'm curious about include Firefox/Safari, Adium, Colloquy, Mail.app.. there are others, but that's a minimum.

I suppose for the apps that accept a target server/proxy server as a command-line argument I could write shell scripts that specify the local tunnel endpoint and launch them through this script, but not all apps have this behavior and I'd prefer a cleaner solution if possible.

Just need a folder of my own, that's all!

dance — Tue, 02 Sep 2008 05:04:10 -0800

Would anyone care to comment on the most practical way, given access to a command line Fedora box, I can obtain a copy of a folder and its contents? The box is connected to the net but I don't know enough Unix to, for example, get a tar of the folder and have the machine email me a copy. Although thinking about it, the folder is probably just a little too big for that. I have SSH and physical access but FTP isn't working, which is the whole problem in a nutshell, really. If anyone is interested in 10 minutes' brainstorming feel free to mefi mail me!

problem apps ignoring proxy settings

tylermoody — Fri, 08 Aug 2008 19:11:02 -0800

Why are Firefox and Transmission ignoring my proxy settings? OS X 10.5.4 I'm connecting to a server through ssh with:
ssh -D -p name@server

In System Preferences > Network > Advanced > Proxies, I have a SOCKS proxy set at localhost:. This setup successfully sends most of my traffic through the remote server, but Firefox can occasionally get around it (when watching Hulu) and Transmission connects directly to other peers (connections to the tracker go through the proxy, though). \

I've tried setting the proxy options of those applications independently, but I don't see any change in their behavior. What's letting them get around the system-level configuration, and what can I do to enforce proper behavior? I'm open to other proxy setups, this was the simplest I'd found.

Can you tunnel via SSH to access Gmail via IMAP in Outlook when the ports are blocked?

izicwe — Thu, 07 Aug 2008 09:47:40 -0800

I like to think of myself as somewhat of a power user when it comes to mail servers, SSH, Gmail, and Outlook, but this one has me stumped! I use Outlook for both work and personal e-mail, but while on the network at work our ports are pretty locked down. How might I access my Gmail account via IMAP in Outlook while on a locked-down network? Ports 25, 110, 143, 587, 993, etc., are all blocked. In order to access personal e-mail, I connect via SSH (PuTTY) to my DreamHost mail server and tunnel POP/SMTP (ports 110 and 25) traffic over that SSH session. Is there any way I could use that SSH connection to tunnel to Gmail's servers for IMAP access as well? If not using that tunnel, is there another way? I can access Gmail through a web browser, but my objective is to be able to collect all my e-mail in Outlook as well. Thanks!

how to keep an ssh session going despite constant disconnections?

helios — Thu, 05 Jun 2008 10:23:41 -0800

How do you keep an SSH session alive when you are forced to use a crappy wireless network that constantly disconnects? Every time my wireless connection disconnects, I have to log on again, delete the .swp file that vi creates when I disconnect, and reopen all the files that I had opened. Surely, there's a way to just restart exactly where I left off without having to do anything special?

I've tried searching Google for this, but every result has to do with keeping idle SSH sessions alive by using a keepalive ping, which is obviously not my problem. I'm using PuTTY, if that matters.

Is there a quick way of copying files "up" an SSH connection?

caek — Mon, 02 Jun 2008 06:56:35 -0800

Is there a quick way of copying files "up" an SSH connection? Say I'm logged into a remote machine and have navigated to some inconveniently deep location in the directory structure, where I find a file I want to copy back to the local machine from which I established the SSH connection.

However, the local machine is not visible from the public internet so I either have to set up a port forward on the router it lies behind (and perhaps a DynDNS alias) and scp from the remote machine, or log out/start a new terminal on the local machine and issue an scp command from there, referring to the aforementioned inconveniently deep location of the file.

It seems like there should be a more ad hoc, easier way to copy a file back up an SSH connection. Is there?

Coloring an OSX Terminal window based on an ssh connection?

neilkod — Thu, 15 May 2008 12:45:17 -0800

My career involves me using OSX Terminal ssh'd into other servers. Often, I have multiple ssh connections open, sometimes two or three to the same server. I can't bring myself to use tabs. Is there anything that can automatically be done to automatically color/title my terminal windows once I ssh into them? Even nicer would be a spotlight command to launch terminal and connect to a terminal. Then, the color/background image (and window title) would change based on my ssh connection, depending on server name/address, production vs qa vs dev, etc. We're talking about 10 diff. servers overall and often I have two or three terminals open to the same server.

Is this the reason I've been needing to finally delve into Applescript, or does a solution already exist?

I would consider installing QS if a solution exists. If it helps, I dont do a whole lot locally from the OSX terminal, its always ssh.

Remote X11 desktop on OS X

caution live frogs — Fri, 25 Apr 2008 09:35:33 -0800

Using X11 forwarding to bring my Ubuntu server desktop to my MacBook Pro. Everything works fine if I run a specific program (e.g., Firefox) but goes to hell if I try 'startx' - I keep getting an AIGLX display error message. Any help appreciated. Mac is running Leopard, using the February Xquartz release rather than the standard Apple X11. (Latest Xquartz release is downloaded but not installed yet.) Server is a headless box running Gutsy + XFCE. Connecting using ssh -X with blowfish + compression (although ssh -Y without compression gives me the same error). While I managed to troubleshoot most of my problems, and have nearly everything working, I can't get the XFCE desktop to start. Error I'm getting is:



(EE) AIGLX: Screen 0 is not DRI capable

All my searches on this error message seem to make me think this is driver-related, but solutions I've found are all geared towards local X sessions rather than remote. Any ideas?

Older version of Filezilla, or newer version of something else?

middleclasstool — Mon, 07 Apr 2008 06:00:11 -0800

Older versions of Filezilla? Or another freeware ftp client that can handle SSH and SSL? Hard drive got fried in a storm this weekend, and I'm currently reinstalling everything to the new drive. I was running Filezilla version 2 (I think 2.3.2), and it ran like a top. But I just tried installing the latest version in its place, and a couple of SSH connections don't work with it. They're returning "garbled packet" errors.

Googling reveals that they use puTTY for SSH, and that's where the error comes from. Checking with puTTY, they insist it's not an error, it's a server configuration problem, but there's no way I can get these servers reconfigured, and anyway the older software connected and transferred to them just fine. Also, I've tried the connection with two other non-free clients at work, and no problems occur. Argh.

So I've tried to find a download page for older versions of Filezilla client, and am coming up with nothing. Does anybody know where I can find either Filezilla 2, or -- even better -- can you recommend a freeware ftp client for WinXP that can handle both SSH and SSL transfers?

Help me connect my two VPNs from a public hotspot

sideshow — Thu, 28 Feb 2008 19:28:30 -0800

How can I make my laptop pretend it's connected directly to the internet when I'm behind a firewall that blocks almost all ports? I work from home a lot, but since the weather here in LA is nice this week I want to work from the local coffee shop. Said coffee shop blocks all ports (pretty much) except SSH, HTTP, and HTTPS.

I have two different jobs and two different VPN clients. One is the built in Windows XP PPTP VPN client, and the other is a Nortel Contivity IPSEC client.

I also have root access at a VPS (virtual private server) on the public internet running Ubuntu Gutsy and I completely control this machine.

So, I've looked into SSH port forwarding (via putty) but because the VPN clients use more than just a single TCP port it didn't work. Also I can't make the VPN clients use a different port to connect.

What I want is for all traffic to go from my laptop to my server on the internet via port 22, 80 or 443. Also, I want for all my applications to think that they are directly connected to the internet somehow. Do I need to connect to my VPS with a new VPN and then run my current clients over that connection?

Gentoo + AD + pam_mount + ssh = single password?

grandsham — Sat, 16 Feb 2008 10:54:33 -0800

Can I get a gentoo machine to authenticate/mount home directories from a windows 2003 server with a single password? In the computer lab I help administrate, we have a headless linux project box, running gentoo, that uses Pluggable Authentication Modules (PAM) to authenticate against the lab's 2003 Active Directory server. We have PAM set up so that it authenticates properly, and can even mount the user's directory on the server on their home directory(using pam_mount).

The problem: when logging in via ssh, it currently requires two passwords (one for ssh login, one for home directory mounting). This is not a problem on the linux workstation in the lab (using gdm and roughly the same pam configs for logins).

So my question: how do I configure this project box to use only one password for login/directory mounting?